Hi all - I sure hope I can get some help here. I caught a very bad virus(es) yesterday, with many symptoms. I'm using XP Home SP3
How it happened: I clicked on a link to an image on an image hosting site, and got a few popups, and a couple of trojan detection warnings from Ad-aware and Norton Internet Security. Both said "No further action required," so I didn't write the names down However, Firefox froze and I had to use Task Manager to close the firefox.exe file.
Symptoms: Since then, I've had multiple messages (usually every 15 minutes) from NIS that a recent attack was blocked. Every time it's from a different place, but it always says the source is my svchost.exe file in my WINNT/system32 folder. Also, my computer is super-slow - and gets slower the more I use it; especially if I go online. When I registered on this site, it took over 30-40 seconds for each letter I typed to show up on the screen. Also, there seems to be a problem with Firefox. When I click on links on Google, I'm always redirected (Bookmarks and direct typing in the address window still work) to some random site, but so far, IE8 seems unaffected, albeit it's really slow. So I'm typing this in Wordpad and pasting it in the browser, just in case this happens again. Also, both browsers take forever to open.
Also, when I run Task Manager, it says svchost.exe is using a lot of CPU resources - usually between 40% - 99%.
What I've done so far: I downloaded and updated Super Anti-Spyware and did a (99%)Complete Scan in Safe Mode. I also did a Quick Scan in Safe Mode using Norton Internet Security and Malwarebyte's Anti-Malware. I realized that my Malwarebyte's had not been updated recently; so updated and will run another scan in Safe Mode after I post this. I'm assuming it will take a while to get a response to this. I've also thought of Uninstalling Firefox and re-installing it.
BTW, all the scans showed nothing but tracking cookies, which I deleted. And all scans took much longer than usual. For instance, the SAS scan took over 8 hours - I stopped it after it got thru the WINNT folder (there's not much left after that, but I do have a folder called "Work Projects" with a lot of large .rar files that I know aren't malicious, so I stopped it.
I'll check back with an update on the updated Malwarebyte scan and see if anyone's replied. Should I perhaps not do the scan in Safe Mode? I thought perhaps running in safe mode prevents the malicious code from loading? Hey - if I had a clue, I'd be fixing this myself . . .
In advance, I'll say thank you for any help. I know you could be doing other things with your time, and I appreciate the help.
Edited by aztex999, 04 February 2011 - 09:01 PM.